[Secure-testing-commits] r2464 - / data data/CVE data/DSA tsck

Joey Hess joeyh at costa.debian.org
Wed Oct 19 23:18:03 UTC 2005


Author: joeyh
Date: 2005-10-19 23:17:58 +0000 (Wed, 19 Oct 2005)
New Revision: 2464

Modified:
   TODO
   data/CVE/list
   data/DSA/list
   data/README
   data/resources
   tsck/tsck.py
Log:
misc other CAN references, should be complete now except for the python
code


Modified: TODO
===================================================================
--- TODO	2005-10-19 23:12:59 UTC (rev 2463)
+++ TODO	2005-10-19 23:17:58 UTC (rev 2464)
@@ -39,7 +39,7 @@
 
 * Create a repo of security patches
 
-* Add user tags to security bugs to add a CAN number and a "tracked" for each analyzed
+* Add user tags to security bugs to add a CVE number and a "tracked" for each analyzed
   security bug. 
 
 * Retroactive updating of the list for not-affected and others

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-10-19 23:12:59 UTC (rev 2463)
+++ data/CVE/list	2005-10-19 23:17:58 UTC (rev 2464)
@@ -5345,7 +5345,7 @@
 	- websieve <unfixed> (bug #311838; low)
 	NOTE: second half of bug suggets lack of escaping of user data
 	NOTE: could be used to compromise program somehow
-	NOTE: that is not covered by the CAN though due to vagueness
+	NOTE: that is not covered by the CVE though due to vagueness
 CVE-2005-1840 (Directory traversal vulnerability in class.layout_phpcms.php in phpCMS ...)
 	NOT-FOR-US: phpCMS
 CVE-2005-1839 (Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk ...)
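Review bot: the websieve NOTE two lines above the changed line still reads `suggets`; since this entry is being edited anyway, correct it to `suggests` in the same commit so the three NOTE lines read cleanly together.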
@@ -10151,8 +10151,8 @@
 CVE-2004-1575 (The XML parser in Xerces-C++ 2.5.0 allows remote attackers to cause a ...)
 	- xerces25 2.5.0-4
 	- xerces24 2.4.0-4
-	NOTE: maintainer believe that this CAN doesn't apply to xerces23 (see bug #296432)
-	NOTE: maintainer believe that this CAN doesn't apply to xerces21 (see bug #296466)
+	NOTE: maintainer believe that this CVE doesn't apply to xerces23 (see bug #296432)
+	NOTE: maintainer believe that this CVE doesn't apply to xerces21 (see bug #296466)
 CVE-2004-1574 (Buffer overflow in Vypress Messenger 3.5.1 and earlier allows remote ...)
 	NOT-FOR-US: Vypress
 CVE-2004-1573 (The documentation for AJ-Fork 167 implies that users should set ...)
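Review bot: both rewritten NOTE lines (xerces23 and xerces21) keep the wording `maintainer believe`; as the lines are being touched for the CAN to CVE rename, change them to `maintainer believes` at the same time rather than leaving the grammar fix for a later pass.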
@@ -12689,7 +12689,7 @@
 	RESERVED
 CVE-2004-0994 (Multiple integer overflows in xzgv 0.8 and earlier allow remote ...)
 	{DSA-614-1}
-	NOTE: only indication that it's this CAN is in the debian package changelog
+	NOTE: only indication that it's this CVE is in the debian package changelog
 	- xzgv 0.8-3
 CVE-2004-0993 (Buffer overflow in hpsockd before 0.6 allows remote attackers to cause ...)
 	{DSA-604-1}
@@ -12741,7 +12741,7 @@
 CVE-2004-0975 (The der_chop script in the openssl package in Trustix Secure Linux 1.5 ...)
 	{DSA-603-1}
 	- openssl 0.9.7e-3
-	NOTE: also includes other security fixes than this CAN
+	NOTE: also includes other security fixes than this CVE
 CVE-2004-0974 (The netatalk package in Trustix Secure Linux 1.5 through 2.1, and ...)
 	NOTE: local; low
 	- netatalk 1.6.4a-1
@@ -14022,7 +14022,7 @@
 	{DSA-518}
 CVE-2004-0410
 	RESERVED
-	NOTE: An empty CAN, never published.
+	NOTE: An empty CVE, never published.
 CVE-2004-0409 (Stack-based buffer overflow in the Socks-5 proxy code for XChat 1.8.0 ...)
 	{DSA-493}
 	- xchat 2.0.8-1

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2005-10-19 23:12:59 UTC (rev 2463)
+++ data/DSA/list	2005-10-19 23:17:58 UTC (rev 2464)
@@ -919,7 +919,7 @@
 [19 Jan 2005] DSA-645-1 cupsys - buffer overflow
 	{CVE-2005-0064}
 	NOTE: cupsys not affected in sarge, though other programs are vulnerable
-	NOTE: see CAN/list
+	NOTE: see CVE/list
 	NOTE: not fixed in testing at time of DSA
 [18 Jan 2005] DSA-644-1 chbg - buffer overflow
 	{CVE-2004-1264}
@@ -1075,11 +1075,11 @@
 	- openssl 0.9.7e-3
 [29 Nov 2004] DSA-602-1 libgd2 - integer overlow
 	{CVE-2004-0941 CVE-2004-0990}
-	NOTE: different from fixes from earlier DSA for these CANs; 2004-0941 new
+	NOTE: different from fixes from earlier DSA for these CVEs; 2004-0941 new
 	- libgd2 2.0.33-1.1
 [29 Nov 2004] DSA-601-1 libgd1 - integer overflow
 	{CVE-2004-0941 CVE-2004-0990}
-	NOTE: different from fixes from earlier DSA for these CANs; 2004-0941 new
+	NOTE: different from fixes from earlier DSA for these CVEs; 2004-0941 new
 	- libgd 1.8.4-36.1
 [25 Nov 2004] DSA-599-1 tetex-bin - integer overflows
 	{CVE-2004-0888}
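Review bot: the two changed NOTE lines refer to the id as bare `2004-0941`, so a search for the full `CVE-2004-0941` only matches the `{...}` line and not the note that explains it; write the full id in the note. The DSA-602-1 header in the same hunk also has `integer overlow` where DSA-601-1 directly below has `integer overflow`, which is worth fixing while this entry is open.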
@@ -2363,7 +2363,7 @@
 	- tcpdump 3.7.2-1
 [10 Dec 2002] DSA-205 gtetrinet - buffer overflow
 	- gtetrinet 0.4.4-1
-	NOTE: no CAN not CVE for this one
+	NOTE: no CVE for this one
 [05 Dec 2002] DSA-204 kdelibs - arbitrary program execution
 	{CVE-2002-1281 CVE-2002-1282}
 	- kdelibs 4:3.1.0-1
@@ -2419,14 +2419,14 @@
 	{CVE-2001-0131 CVE-2002-1233}
 	- apache 1.3.27-1
 	TODO: CVE-2002-0843 appears to be listed twice in this DSA
-	TODO: (once with NO-CAN)
+	TODO: (once with NO-CVE)
 [04 Nov 2002] DSA-187 apache - several vulnerabilities
 	{CVE-2002-0839 CVE-2002-0840 CVE-2002-0843}
 	- apache 1.3.27-0.1
 	{CVE-2001-0131 CVE-2002-1233}
 	- apache 1.3.27-1
 	TODO: CVE-2002-0843 appears to be listed twice in this DSA
-	TODO: (once with NO-CAN)
+	TODO: (once with NO-CVE)
 [01 Nov 2002] DSA-186 log2mail - buffer overflow
 	{CVE-2002-1251}
 	- log2mail 0.2.6-1
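Review bot: both TODO lines change `(once with NO-CAN)` to `(once with NO-CVE)`, but the TODO describes how the id appears in the DSA itself; if `NO-CAN` is the literal marker used there, renaming it means the note no longer matches what a reader will find when checking the DSA. Keep the original token, or reword the TODO so it is clearly prose, for example "once without an assigned id".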

Modified: data/README
===================================================================
--- data/README	2005-10-19 23:12:59 UTC (rev 2463)
+++ data/README	2005-10-19 23:17:58 UTC (rev 2464)
@@ -29,7 +29,7 @@
 	description, put it in square brackets instead.
 {id id id}
 	This is used to link to other ids that describe the same hole.
-	Generally used to link DSAs to CAN's and CVEs and back.
+	Generally used to link DSAs to CVEs and back.
 UPCASE
 	Any word in upper case, typically NOTE, HELP, TODO, RESERVED,
 	REJECTED, NOT-FOR-US.

Modified: data/resources
===================================================================
--- data/resources	2005-10-19 23:12:59 UTC (rev 2463)
+++ data/resources	2005-10-19 23:17:58 UTC (rev 2464)
@@ -1,8 +1,7 @@
-Full CAN and CVE lists:
-http://cve.mitre.org/cve/candidates/downloads/full-can.html
-http://cve.mitre.org/cve/downloads/full-cve.html
+Full CVE lists:
+http://www.cve.mitre.org/cve/downloads/
 
-CANs that do not affect sarge (maintained by regular security team):
+CVEs that do not affect sarge (maintained by regular security team):
 http://www.debian.org/security/nonvulns-sarge
 
 Ultra Monkey kernel security database:
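Review bot: the first entry keeps the plural heading `Full CVE lists:` but now carries a single URL, and that URL is the downloads directory rather than a specific list page as both removed lines were. Either link the concrete list, or reword the heading to say it is the download index. The new URL also uses the host `www.cve.mitre.org` where the removed ones used `cve.mitre.org`; confirm the change of host is intended.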

Modified: tsck/tsck.py
===================================================================
--- tsck/tsck.py	2005-10-19 23:12:59 UTC (rev 2463)
+++ tsck/tsck.py	2005-10-19 23:17:58 UTC (rev 2464)
@@ -94,7 +94,7 @@
 print "Generating system-specific security overview for " + suite
 
 for i in vulns:
-    if i.startswith("CAN-"):
+    if i.startswith("CVE-"):
 
         if len(cve) > 0 and len(pkg_name) > 0:
             if source_packages.has_key(pkg_name):
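Review bot: in the `for i in vulns:` loop the prefix test now accepts only `CVE-`, so any id in `vulns` that still starts with `CAN-` falls outside this branch, exactly as `CVE-` ids did before the change. If the input can contain both forms while the rename is in progress, accept both, e.g. `if i.startswith("CVE-") or i.startswith("CAN-"):`, or normalise the prefix once where `vulns` is built. The log message says the python code is not yet complete, so a short comment here stating what remains to be converted would help whoever finishes it.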



